Tagged: China-based manufacturer, Critical Vulnerability, Device Security, Foreign Surveillance, Go1 Robot Dogs, Robot Camera Feeds, Robot Security, Robot Security Risks, Surveillance Backdoor, Unitree Robotics, Vulnerabilities and Exposures (CVE)
April 8, 2025 at 12:09 pm #8036
thumbtak
Keymaster
Surveillance Backdoor installed on a popular robot that allowed anyone to surveil customers around the world
China-based manufacturer Unitree Robotics pre-installed an apparent backdoor on its popular Go1 robot dogs that allowed anyone to surveil customers around the world, according to findings from two security researchers.
Why it matters: Clear evidence of a backdoor in widely sold consumer technology is rare, and it affirms longstanding concerns from U.S. officials that Chinese-made devices could quietly enable foreign surveillance.
Driving the news: A new Common Vulnerabilities and Exposures listing confirms the issue as a critical vulnerability, formally cataloged under CVE-2025-2894.
Zoom in: Anyone who came across the public-facing web API could see where Go1 robot dogs were — and if the robot was online, they could view live camera feeds without needing to log in.
- If the robot’s default Raspberry Pi credentials hadn’t been changed, attackers could also use those to fully control the dog.
- Andreas Makris and Kevin Finisterre — who are also known for exposing vulnerabilities in DJI drones — discovered the issue while tinkering with their own Go1s. They tested the flaw on each other’s devices to confirm it worked.
- They also found that robot dogs from major U.S. research universities, including MIT, Princeton and Carnegie Mellon, could have been vulnerable at some point.
What they’re saying: “If this was abused or not does not matter in this case,” the duo wrote in their paper. “The mere presence of this service without letting the user know is not a good practice and can be seen as malicious.”
Yes, but: They can’t decisively say whether Unitree intended to create a surveillance backdoor or if it was simply a case of “sloppy architecture, sloppy programming,” Makris told Axios.
The big picture: U.S. officials, lawmakers and security agencies have long warned about backdoors inserted into equipment and devices manufactured in China.
- Rep. John Moolenaar (R-Mich.), chair of the House China Select Committee, called the vulnerability a “direct national security threat” and said in a statement to Axios that the committee is actively investigating the risk it poses.
- “This isn’t merely a technology flaw — it’s an intentional and dangerous breach of our national security,” Moolenaar said. “American families, officers, and students have a right to know about any CCP access to their private environments.”
What to watch: Unitree said in a statement this morning that its newer models — like the Go2 and its humanoid robots — have a “more secure upgraded version” and were unaffected by this vulnerability.
- Unitree added that “hackers illegally obtained the management key of the third-party cloud tunnel service” and “used it to modify data and programs within the user’s machine with high-level permission.”
- Unitree said it has completely shut down the service that allowed for the Go1 backdoor, but it noted that its installation is a “common feature among many robots on the market.”
Quoted from:
https://alienskills.com/contents/SurveillanceBackdoor_1744057746130.html